Hi
Could you please help me? When using Explorer I am getting constant pop-ups. I have tried various virus scans which pick up Vundo and addcookies. The virus scans say they remove them but when I log on again, everything is the same.
As advised, I have posted logs below. Any help would be fantastic.
Deckard's System Scanner v20070611.50
Run by Ness on 2007-07-03 at 18:24:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-07-03 08:24:44 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Ness.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:27:50 PM, on 3/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Mouse Driver\MouseDrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Ness\Application Data\tmp23.tmp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ness\Application Data\tmpB1.tmp.exe
C:\Documents and Settings\Ness\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Ness.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/ap/ap/en/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/ap/ap/en/gen/default.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tmp68.tmp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7942d531-d61f-4108-9d3b-abc8f7e8312e} - C:\WINDOWS\system32\jgawdes.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CreativeMouse ] C:\Program Files\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Z0R6Ephi] C:\WINDOWS\osekari.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - AppInit_DLLs: c:\windows\system32\vtutrpo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: amcESP - amcESP.dll (file missing)
O20 - Winlogon Notify: cmprad - cmprad.dll (file missing)
O20 - Winlogon Notify: Dao2eml - Dao2eml.dll (file missing)
O20 - Winlogon Notify: dpvagn - dpvagn.dll (file missing)
O20 - Winlogon Notify: eudipt - eudipt.dll (file missing)
O20 - Winlogon Notify: glm737 - glm737.dll (file missing)
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: ipvtup - ipvtup.dll (file missing)
O20 - Winlogon Notify: jgawdes - C:\WINDOWS\SYSTEM32\jgawdes.dll
O20 - Winlogon Notify: mmsapi - mmsapi.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DomainService - Unknown owner - C:\Documents and Settings\Ness\Application Data\tmp35.tmp.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.0.1) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.0.1>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
S3 ENETHUSB (Speedstream Ethernet USB Adapter) - c:\windows\system32\drivers\enethusb.sys <Not Verified; Siemens Subscriber Networks, Inc.; Speedstream Ethernet USB Adapter>
S3 iBurstu (iBurst Terminal) - c:\windows\system32\drivers\iburstu.sys (file missing)
S3 wanatw (WAN Miniport (ATW)) - c:\windows\system32\drivers\wanatw4.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 NICCONFIGSVC - c:\program files\dell\nicconfigsvc\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>
R2 WLANKEEPER - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSOFSet Service>
R3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S2 DomainService - c:\documents and settings\ness\application data\tmp35.tmp.exe /service (file missing)
-- Scheduled Tasks -------------------------------------------------------------
2007-06-13 09:29:05 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-04-01 01:00:20 350 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-03-01 05:55:41 348 --a------ C:\WINDOWS\Tasks\McDefragTask.job
-- Files created between 2007-06-03 and 2007-07-03 -----------------------------
2007-07-03 18:18:36 0 d-------- C:\WINDOWS\LastGood
2007-07-03 18:17:09 134914 --a------ C:\WINDOWS\geefdb.dll
2007-07-02 22:29:18 0 d-------- C:\Program Files\SpywareBlaster
2007-07-02 22:21:09 21312 --a------ C:\WINDOWS\choice.exe
2007-07-02 22:20:29 0 d-------- C:\ie-spyad
2007-07-02 21:33:14 134972 --a------ C:\WINDOWS\awussr.dll
2007-07-02 20:47:23 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-02 20:13:55 38232 --a------ C:\WINDOWS\system32\jgawdes.dll
2007-07-02 20:13:43 49252 --a------ C:\WINDOWS\system32\awtsp.exe
2007-06-27 21:53:53 49252 --a------ C:\WINDOWS\system32\gebcc.exe
2007-06-27 21:48:51 0 --a------ C:\WINDOWS\system32\awtsq.exe
2007-06-27 21:38:39 0 d-------- C:\VundoFix Backups
2007-06-26 18:46:34 49252 --a------ C:\WINDOWS\system32\mljjh.exe
2007-06-25 21:36:17 49252 --a------ C:\WINDOWS\system32\mllml.exe
2007-06-25 20:54:22 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-06-25 20:52:50 0 d--h----- C:\Documents and Settings\Administrator\Templates
2007-06-25 20:52:50 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2007-06-25 20:52:50 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2007-06-25 20:52:50 0 dr-h----- C:\Documents and Settings\Administrator\Recent
2007-06-25 20:52:50 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2007-06-25 20:52:50 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2007-06-25 20:52:50 0 dr------- C:\Documents and Settings\Administrator\My Documents
2007-06-25 20:52:50 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2007-06-25 20:52:50 0 dr------- C:\Documents and Settings\Administrator\Favorites
2007-06-25 20:52:50 0 d-------- C:\Documents and Settings\Administrator\Desktop
2007-06-25 20:52:50 0 d--hs---- C:\Documents and Settings\Administrator\Cookies
2007-06-25 20:52:50 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2007-06-25 20:52:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-06-25 20:52:50 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2007-06-25 20:52:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Intel
2007-06-25 20:52:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-06-25 20:52:49 786432 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-06-25 18:28:14 49252 --a------ C:\WINDOWS\system32\pmnlm.exe
2007-06-24 10:43:39 49252 --a------ C:\WINDOWS\system32\pmkjk.exe
2007-06-24 00:53:55 49252 --a------ C:\WINDOWS\system32\vtutu.exe
2007-06-24 00:37:46 49252 --a------ C:\WINDOWS\system32\awtqr.exe
2007-06-24 00:26:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-06-23 23:46:56 0 d-------- C:\Program Files\Monopoly 3
2007-06-23 23:37:20 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-06-23 23:36:29 0 d-------- C:\Program Files\SUPERAntiSpyware
2007-06-23 23:36:29 0 d-------- C:\Documents and Settings\Ness\Application Data\SUPERAntiSpyware.com
2007-06-23 23:34:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-23 22:35:53 0 d-------- C:\Documents and Settings\Ness\Application Data\GetRightToGo
2007-06-22 23:11:56 0 d-------- C:\Incomplete
2007-06-22 22:40:43 49252 --a------ C:\WINDOWS\system32\ddccc.exe
2007-06-21 22:52:16 47899 --a------ C:\WINDOWS\system32\vturp.exe
2007-06-21 07:24:28 47899 --a------ C:\WINDOWS\system32\vtstu.exe
2007-06-20 18:10:42 47899 --a------ C:\WINDOWS\system32\jkhhe.exe
2007-06-20 07:26:09 47899 --a------ C:\WINDOWS\system32\vturo.exe
2007-06-19 00:19:57 0 d-------- C:\Program Files\AVG Anti-Spyware 7.5
2007-06-19 00:19:07 47899 --a------ C:\WINDOWS\system32\ssqrs.exe
2007-06-18 23:55:45 47899 --a------ C:\WINDOWS\system32\jkhff.exe
2007-06-18 23:50:38 47899 --a------ C:\WINDOWS\system32\pmnll.exe
2007-06-18 23:45:36 10240 --a------ C:\WINDOWS\system32\gebya.exe
2007-06-15 22:21:21 47899 --a------ C:\WINDOWS\system32\awtqq.exe
2007-06-04 17:57:40 0 d-------- C:\Program Files\iPod
-- Find3M Report ---------------------------------------------------------------
2007-07-03 18:23:36 4608 --a------ C:\Documents and Settings\Ness\Application Data\tmpB1.tmp.exe
2007-07-03 18:17:18 73971 --a------ C:\Documents and Settings\Ness\Application Data\tmp68.tmp.exe
2007-07-03 18:17:06 128231 --a------ C:\Documents and Settings\Ness\Application Data\tmp67.tmp.exe
2007-07-03 18:10:29 4608 --a------ C:\Documents and Settings\Ness\Application Data\tmp23.tmp.exe
2007-07-02 22:10:05 73991 --a------ C:\Documents and Settings\Ness\Application Data\tmp581.tmp.exe
2007-07-02 21:56:03 0 d-------- C:\Program Files\OptusNet DSL Internet
2007-07-02 21:55:51 0 d-------- C:\Program Files\MSN Messenger
2007-07-02 21:55:43 0 d-------- C:\Program Files\Mouse Driver
2007-07-02 21:51:54 0 d-------- C:\Program Files\iTunes
2007-07-02 21:51:17 0 d-------- C:\Program Files\Digital Line Detect
2007-07-02 21:49:12 0 d-------- C:\Program Files\Apoint
2007-07-02 21:33:10 128222 --a------ C:\Documents and Settings\Ness\Application Data\tmp3B9.tmp.exe
2007-07-02 20:32:09 73991 --a------ C:\Documents and Settings\Ness\Application Data\tmpBB.tmp.exe
2007-07-02 20:30:30 128222 --a------ C:\Documents and Settings\Ness\Application Data\tmpB3.tmp.exe
2007-07-02 20:13:36 0 d-------- C:\Documents and Settings\Ness\Application Data\SiteAdvisor
2007-06-27 21:37:45 128153 --a------ C:\Documents and Settings\Ness\Application Data\tmp22.tmp.exe
2007-06-26 18:48:33 73931 --a------ C:\Documents and Settings\Ness\Application Data\tmp16.tmp.exe
2007-06-24 23:08:56 73929 --a------ C:\Documents and Settings\Ness\Application Data\tmpB0.tmp.exe
2007-06-23 22:30:31 0 d-------- C:\Documents and Settings\Ness\Application Data\LimeWire
2007-06-22 22:50:43 0 d-------- C:\Program Files\McAfee
2007-06-21 23:45:20 128176 --a------ C:\Documents and Settings\Ness\Application Data\tmp84.tmp.exe
2007-06-20 20:12:38 240546 --a------ C:\Documents and Settings\Ness\Application Data\tmp89.tmp.exe
2007-06-19 00:01:59 0 d-------- C:\Program Files\Java
2007-06-18 23:40:59 147456 --a------ C:\Documents and Settings\Ness\Application Data\tmp83.tmp.exe
2007-06-18 23:38:16 147456 --a------ C:\Documents and Settings\Ness\Application Data\tmp7B.tmp.exe
2007-06-18 23:35:58 147456 --a------ C:\Documents and Settings\Ness\Application Data\tmp61.tmp.exe
2007-06-18 20:51:07 0 d-------- C:\Documents and Settings\Ness\Application Data\Sun
2007-06-15 23:30:22 0 d-------- C:\Documents and Settings\Ness\Application Data\Adobe
2007-06-12 19:46:28 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-04 18:30:27 0 d-------- C:\Program Files\mIRC
2007-06-04 17:45:17 0 d-------- C:\Program Files\Apple Software Update
2007-05-22 22:40:22 0 d-------- C:\Program Files\LimeWire
2007-05-08 20:33:16 0 d-------- C:\Program Files\SiteAdvisor
2007-05-05 12:00:10 0 d-------- C:\Program Files\Siemens Subscriber Networks
2007-05-04 21:22:55 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-04 21:16:58 0 d-------- C:\Program Files\QuickTime
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{089FD14D-132B-48FC-8861-0048AE113215} C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
{1F6581D5-AA53-4b73-A6F9-41420C6B61F1} C:\WINDOWS\system32\tmp68.tmp.dll
{5CA3D70E-1895-11CF-8E15-001234567890} C:\WINDOWS\system32\dla\tfswshx.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{7942d531-d61f-4108-9d3b-abc8f7e8312e} C:\WINDOWS\system32\jgawdes.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\program files\mcafee\virusscan\scriptcl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"ISUSPM Startup"="C:\\PROGRA~1\\COMMON~1\\INSTAL~1\\UPDATE~1\\ISUSPM.exe -startup"
"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"
"CreativeMouse "="C:\\Program Files\\Mouse Driver\\MouseDrv.exe"
"IST Service"="C:\\Program Files\\ISTsvc\\istsvc.exe"
"Z0R6Ephi"="C:\\WINDOWS\\osekari.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"LogitechCommunicationsManager"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\Communications_Helper.exe\""
"LogitechQuickCamRibbon"="\"C:\\Program Files\\Logitech\\QuickCam10\\QuickCam10.exe\" /hide"
"LVCOMSX"="\"C:\\Program Files\\Common Files\\Logitech\\LComMgr\\LVComSX.exe\""
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Desktop Service Centre"="C:\\Program Files\\OptusNet DSL Internet\\DSC.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\Quickset.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\amcESP
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cmprad
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Dao2eml
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dpvagn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\eudipt
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\glm737
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ipvtup
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jgawdes
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mmsapi
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="c:\windows\system32\vtutrpo.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9281c87-1eac-11da-ad97-00c0eec3149e}]
Shell\AutoRun\command E:\setupSNK.exe
-- End of Deckard's System Scanner: finished at 2007-07-03 at 18:29:40 ---------